Analysis

  • max time kernel
    97s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/09/2024, 03:33

General

  • Target

    d370c1d5c4998189839c11e70acb02d0_JaffaCakes118.exe

  • Size

    148KB

  • MD5

    d370c1d5c4998189839c11e70acb02d0

  • SHA1

    c7abe6f7320f6ea96047c2b2a2d03656dc23098b

  • SHA256

    526ef833bbece263f30f4005af9844e0c12a37909473c03ddcdedb1e90ca7935

  • SHA512

    ab5c5b21868cf1c188c2d78b0a3a7d11fa7c8efbe73dd4d4e3d18621efad5785c04baf8ba43044901fc22938e00ac841529710621c5b2105f323f010886ccd6f

  • SSDEEP

    3072:vZXS55JHPUTTBfsd43skd6rYD7MHiCKo+k7:y5VPUTTBGurdsYD4HiCV

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d370c1d5c4998189839c11e70acb02d0_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\d370c1d5c4998189839c11e70acb02d0_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\M82Gx28P5Bn888A.exe.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:732
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\d370c1d5c4998189839c11e70acb02d0_JaffaCakes118.exe.bat" "
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4916

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\M82Gx28P5Bn888A.exe

    Filesize

    116KB

    MD5

    63c596fabfd451e790396fd64f18c5b2

    SHA1

    c23acb2437d8dba7da5f71a461dbd74ef78f8ba7

    SHA256

    7ed48611852f499da7f71ec8c36b8e0c23d4e94046d2b5771f080e21ed3fb9f1

    SHA512

    bea5ffc0a44cb55f3f62d5214716ddbd5213238d055cecaf096089ca7d9f79768d6c2082b715573cb7fabf71965171661d851f5de6b694c64afc31291b909c08

  • C:\Users\Admin\AppData\Local\Temp\M82Gx28P5Bn888A.exe.bat

    Filesize

    207B

    MD5

    4cc53a12c1a994e50772dfb86215dee6

    SHA1

    fa333251352c2529aab7d84a8fc4dc5615446d75

    SHA256

    3623c6a9d4d6252b055b7647ae153eb719d2812273e54c2d5d7b669161e8f1fe

    SHA512

    a5a23c5ee62454e41df6190aec4f0e69b4ac7f4ca46805d944ac27a59d1f1732eb3d68f99777a8209b0200f8af980bb0c0353cad9388b1cedd2b123343596412

  • C:\Users\Admin\AppData\Local\Temp\d370c1d5c4998189839c11e70acb02d0_JaffaCakes118.exe.bat

    Filesize

    453B

    MD5

    a1ff99bbd7a9c551a1c3fa9db6a2f4b6

    SHA1

    6fa858731b64fdb74e0b7623ca71329695e2e58e

    SHA256

    e873f07c0dbc16d3be35b8590d1b158497b9a560987e0511192b37d956c2ca8d

    SHA512

    1f7f5460e0a8bba0cc4c5ea84068d007a98082a3b08e0bb8a4f9f46fce9a6dd984ee368202e7b020f6729830da086cc4aafab9b02139ad615a260d8b4e817f47